From 8ebdbaa1d173060d439f6d8a40dfea5554c7ebff Mon Sep 17 00:00:00 2001
From: John David White
Date: Thu, 3 Apr 2025 13:10:19 +0100
Subject: [PATCH 1/2] Review file permission for otel collector config

---
 internal/collector/settings.go | 33 +++++++++++++++++++++--------
 internal/collector/settings_test.go | 16 ++++++++++++++
 2 files changed, 40 insertions(+), 9 deletions(-)

diff --git a/internal/collector/settings.go b/internal/collector/settings.go
index a4314401d1..d8f99870ff 100644
--- a/internal/collector/settings.go
+++ b/internal/collector/settings.go
@@ -73,6 +73,26 @@ func createURIs(cfg *config.Config) []string {
 return []string{cfg.Collector.ConfigPath}
 }

+func createFile(err error, confPath string) error {
+ if !os.IsNotExist(err) {
+ return err
+ }
+
+ // Create if doesn't exist.
+ _, createErr := os.Create(confPath)
+ if createErr != nil {
+ return createErr
+ }
+
+ // Set the file permissions to 600.
+ permissionErr := os.Chmod(confPath, configFilePermission)
+ if permissionErr != nil {
+ return permissionErr
+ }
+
+ return nil
+}
+
 // Generates a OTel Collector config to a file by injecting the Metrics Config to a Go template.
 func writeCollectorConfig(conf *config.Collector) error {
 otelcolTemplate, err := template.New(otelTemplatePath).Parse(otelcolTemplate)
@@ -82,17 +102,12 @@ func writeCollectorConfig(conf *config.Collector) error {

 confPath := filepath.Clean(conf.ConfigPath)

- // Check if file exists.
+ // Check if file exists, if not create it.
 _, err = os.Stat(confPath)
 if err != nil {
- if !os.IsNotExist(err) {
- return err
- }
-
- // Create if doesn't exist.
- _, createErr := os.Create(confPath)
- if createErr != nil {
- return createErr
+ fileErr := createFile(err, confPath)
+ if fileErr != nil {
+ return fileErr
 }
 }

diff --git a/internal/collector/settings_test.go b/internal/collector/settings_test.go
index 3d10890c7f..742f371d6b 100644
--- a/internal/collector/settings_test.go
+++ b/internal/collector/settings_test.go
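Review bot: In `createFile` (internal/collector/settings.go), `os.Create` makes the file with the default creation mode (0666 minus the umask) and only the later `os.Chmod` narrows it, so the collector config path briefly exists with wider permissions than intended. The `*os.File` returned by `os.Create` is also discarded without `Close`, which leaks a descriptor each time the file is first created. Creating the file with the restrictive mode in a single call and closing the handle addresses both; the umask can only narrow that mode further, never widen it. The same `os.Create`/`os.Chmod` lines remain in `createFile` after PATCH 2/2, and `configFilePermission` is declared outside this hunk (the 600 value is taken from the comment and the new test).

```go
func createFile(err error, confPath string) error {
	// … unchanged: os.IsNotExist(err) guard …

	// Create with the restrictive mode from the start so the file is never
	// present on disk with the process's default creation mode.
	f, createErr := os.OpenFile(confPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, configFilePermission)
	if createErr != nil {
		return createErr
	}

	return f.Close()
}
```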
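Review bot: In `writeCollectorConfig`, the restrictive mode is applied only on the `os.IsNotExist` path, so a config file that already exists (for example one left by an earlier install with a wider mode) keeps its old permissions. If the intent is that the collector config is always 0600, the existing-file branch needs the same treatment, e.g. keep the `os.Stat` result and call `os.Chmod(confPath, configFilePermission)` when `info.Mode().Perm()` differs. The rest of the function, including how the file is finally written, is outside this hunk, so this assumes the later write does not itself reset the mode. The stat-then-create sequence is also not atomic; opening with `os.O_CREATE` and the target mode would make the separate `os.Stat` unnecessary.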
@@ -171,3 +171,19 @@ func TestTemplateWrite(t *testing.T) {
 // Convert to string for human readable error messages.
 assert.Equal(t, string(expected), string(actual))
 }
+
+func TestFilePermissions(t *testing.T) {
+ tmpDir := t.TempDir()
+
+ cfg := types.AgentConfig()
+ actualConfPath := filepath.Join(tmpDir, "nginx-agent-otelcol-test.yaml")
+ cfg.Collector.ConfigPath = actualConfPath
+
+ err := writeCollectorConfig(cfg.Collector)
+ require.NoError(t, err)
+
+ // Check file permissions are 600
+ fileInfo, err := os.Stat(actualConfPath)
+ require.NoError(t, err)
+ assert.Equal(t, os.FileMode(0o600), fileInfo.Mode())
+}

From 2ae41cfb0cf7710863cdd8f0b5e603bc7f97a7a2 Mon Sep 17 00:00:00 2001
From: John David White
Date: Thu, 17 Apr 2025 11:17:24 +0100
Subject: [PATCH 2/2] Merge v3, removed error from parameters

---
 internal/collector/settings.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/internal/collector/settings.go b/internal/collector/settings.go
index d8f99870ff..62e92afbb7 100644
--- a/internal/collector/settings.go
+++ b/internal/collector/settings.go
@@ -73,11 +73,7 @@ func createURIs(cfg *config.Config) []string {
 return []string{cfg.Collector.ConfigPath}
 }

-func createFile(err error, confPath string) error {
- if !os.IsNotExist(err) {
- return err
- }
-
+func createFile(confPath string) error {
 // Create if doesn't exist.
 _, createErr := os.Create(confPath)
 if createErr != nil {
@@ -105,7 +101,11 @@ func writeCollectorConfig(conf *config.Collector) error {
 // Check if file exists, if not create it.
 _, err = os.Stat(confPath)
 if err != nil {
- fileErr := createFile(err, confPath)
+ if !os.IsNotExist(err) {
+ return err
+ }
+
+ fileErr := createFile(confPath)
 if fileErr != nil {
 return fileErr
 }
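Review bot: `TestFilePermissions` in internal/collector/settings_test.go (PATCH 1/2) exercises only the case where the config file does not exist yet, so it cannot show whether an already-present file with a wider mode is tightened. A second case that pre-creates the file with a mode such as 0o644 before calling `writeCollectorConfig` would pin that behaviour down. The assertion also compares the whole `fileInfo.Mode()`, type bits included; `assert.Equal(t, os.FileMode(0o600), fileInfo.Mode().Perm())` states the intent more precisely. Permission bits are reported differently on Windows, so the test may need a skip there if that platform is part of the test matrix.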